eb29fced033ea67608e939b173704b856db3fe680fce51b06c85bb99b25dad9d | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Msmpeges.exe

windows7-x64

9

Msmpeges.exe

windows10-2004-x64

9

Resubmissions

28/07/2023, 02:16

230728-cqg16sah59 9

28/07/2023, 02:05

230728-ch3mxabe91 9

Sharing

General

Target

Msmpeges.bin.zip
Size

76KB
Sample

230728-ch3mxabe91
MD5

5cf28ec0420b45117d3373bb19e5604e
SHA1

694351f4adf647a2d33bde95b8e2f2b7b3ebec7e
SHA256

eb29fced033ea67608e939b173704b856db3fe680fce51b06c85bb99b25dad9d
SHA512

543c07659e8e994b22982a8cfe72bd55d6d1082c045e863635ca2638de617e2c9a3f8a7f2e8b6b6c6cf5f636852200b02c069cede39c59b2f0b0f840fc2b63ee
SSDEEP

1536:M3uo1g0iS/HVj9cliots6vYyDEAIeZmwTQH01Jn629D6GgTyz6j6JEh1j39+zqwz:GJeSvfcliothFHaOr9D68umyh1jGqwz

Score

9^/10

ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Msmpeges.exe

Resource

win7-20230712-en

windows7-x64

16 signatures

600 seconds

Behavioral task

behavioral2

Sample

Msmpeges.exe

Resource

win10v2004-20230703-en

windows10-2004-x64

15 signatures

600 seconds

Malware Config

Targets

- Target
  
  Msmpeges.bin
- Size
  
  161KB
- MD5
  
  1dde7e42e33b9ed602f9c839cca7150b
- SHA1
  
  538a0f38f2745dff05c7f2e05fc1fe3165b7767e
- SHA256
  
  edcccd772c68c75f56becea7f54fb7ee677863b6beaca956c52ee20ec23b472d
- SHA512
  
  c4d5a9288237a7f06295ea7bbb86b8917b9caba23673421dad6277506771ce87e233bb6894c30802a1cda927c2a3360be49ea2c96c245e9dc5944461e256f2b0
- SSDEEP
  
  3072:X2+fD5RiXm5v/ACvkIF/o7t4PX5AvJ+juO4LcVm8:VfD5RiXmh5sIm7t4PyaELcE8
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (7409) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (7601) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy